trefactor sign_release to use gnupg directly via subprocess - amprolla - devuan's apt repo merger
 (DIR) commit ea2b4dd29579b36f02547ba089383cdefa463f8c
 (DIR) parent 57ac2b2a17fbeb08fc845bbb0b275d22c568892f
 (HTM) Author: parazyd <parazyd@dyne.org>
       Date:   Fri, 11 Aug 2017 10:35:39 +0200
       
       refactor sign_release to use gnupg directly via subprocess
       
       removes the need for python-gnupg which tends to have a relatively
       unstable API and doesn't work properly on some machines.
       
       Diffstat:
         M README.md                           |       8 ++++----
         M doc/setup.md                        |       2 +-
         M lib/release.py                      |      31 +++++++++++++++++--------------
       
       3 files changed, 22 insertions(+), 19 deletions(-)
       ---
 (DIR) diff --git a/README.md b/README.md
       t@@ -19,19 +19,19 @@ of the according `Release` files.
        Dependencies
        ------------
        
       -amprolla requires Python 3, and some external modules for it. The lowest
       -version it's been tested on was Python 3.4.
       +amprolla requires Python 3, the lowest version it's been tested on was
       +Python 3.4. It also requires the python-requests library.
        
        ### Devuan/Debian
        
        ```
       -rsync gnupg2 python3-requests python3-gnupg
       +rsync gnupg2 python3-requests
        ```
        
        ### Gentoo:
        
        ```
       -net-misc/rsync app-crypt/gnupg dev-python/requests dev-python/python-gnupg
       +net-misc/rsync app-crypt/gnupg dev-python/requests
        ```
        
        
 (DIR) diff --git a/doc/setup.md b/doc/setup.md
       t@@ -14,7 +14,7 @@ with the extra needed dependencies is using your package manager.
        You will need the following:
        
        ```
       -python3, python-gnupg, python-requests, gnupg2, rsync
       +python3, python-requests, gnupg2, rsync
        ```
        
        After installing the required dependencies, clone the amprolla git repo
 (DIR) diff --git a/lib/release.py b/lib/release.py
       t@@ -7,11 +7,12 @@ Release file functions and helpers
        from datetime import datetime, timedelta
        from gzip import decompress as gzip_decomp
        from lzma import compress as lzma_comp
       -from os.path import basename, getsize, isfile
       -import gnupg
       +from os.path import getsize, isfile
       +from subprocess import Popen
        
        from lib.config import (checksums, distrolabel, gpgdir, release_aliases,
                                release_keys, signingkey)
       +from lib.log import info
        from lib.parse import parse_release_head
        
        
       t@@ -85,19 +86,21 @@ def write_release(oldrel, newrel, filelist, r, sign=True, rewrite=True):
        
        def sign_release(infile):
            """
       -    Signs both the clearsign and the detached signature of a Release file
       +    Signs both the clearsign and the detached signature of a Release file.
       +
       +    Takes a valid path to a release file as an argument.
            """
       -    gpg = gnupg.GPG(gnupghome=gpgdir)
       +    args = ['gpg', '-q', '--default-key', signingkey, '--batch', '--yes',
       +            '--homedir', gpgdir]
        
       -    stream = open(infile, 'rb')
       +    clearargs = args + ['--clearsign', '-a', '-o',
       +                        infile.replace('Release', 'InRelease'), infile]
       +    detachargs = args + ['-sb', '-o', infile+'.gpg', infile]
        
       -    # Clearsign
       -    signed_data = gpg.sign_file(stream, keyid=signingkey, clearsign=True,
       -                                detach=False)
       -    inrel = open(infile.replace('Release', 'InRelease'), 'wb')
       -    inrel.write(signed_data.data)
       -    inrel.close()
       +    info('Signing Release (clearsign)')
       +    cleargpg = Popen(clearargs)
       +    cleargpg.wait(timeout=5)
        
       -    # Detached signature (somewhat broken?)
       -    # gpg.sign_file(stream, keyid=signingkey, clearsign=False, detach=True,
       -    #              output=infile + '.gpg')
       +    info('Signing Release (detached sign)')
       +    detachgpg = Popen(detachargs)
       +    detachgpg.wait(timeout=5)
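Review bot: Both gpg exit statuses are discarded in sign_release (the `cleargpg.wait(timeout=5)` and `detachgpg.wait(timeout=5)` lines), so a failed signing run (unusable key or homedir, for example) raises no error and leaves a missing or stale InRelease / Release.gpg next to the newly written Release. `wait(timeout=5)` also raises TimeoutExpired without terminating the child, so a hung gpg keeps running and can still write its output later. Because the README names Python 3.4 as the lowest tested version, `subprocess.run(..., check=True)` (3.5+) is not an option; a small helper around Popen that kills on timeout and raises on a non-zero status covers both cases, with `TimeoutExpired` imported next to `Popen`. Separately, `infile.replace('Release', 'InRelease')` rewrites every occurrence in the path rather than only the file name, which looks unintended if a directory component ever contains "Release".

```python
def _run_gpg(gpgargs):
    """Run gpg, kill it on timeout, and fail loudly on a non-zero exit."""
    proc = Popen(gpgargs)
    try:
        ret = proc.wait(timeout=5)
    except TimeoutExpired:
        # wait() does not stop the child on timeout; reap it before re-raising
        proc.kill()
        proc.wait()
        raise
    if ret != 0:
        raise RuntimeError('gpg exited with status %d' % ret)

# ... unchanged: sign_release signature, docstring, args / clearargs / detachargs ...
    info('Signing Release (clearsign)')
    _run_gpg(clearargs)

    info('Signing Release (detached sign)')
    _run_gpg(detachargs)
```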